Novell eDirectory 8.7.3 SP10b for Solaris, Linux, and AIX
July 01, 2008
1.0 Overview
2.0 Installation
2.1 Prerequisites
2.2 Component Versions With this Patch
2.3 Installing or Upgrading eDirectory
3.0 Known Issues
3.1 Installation and Configuration Issues
3.2 iMonitor Issues
3.3 Executing ndsimonitor on Solaris 9 Generates an
Error Message
3.4 ConsoleOne Issues
3.5 SNMP Issues
3.6 Increasing the Size of the eDirectory Log Files
3.7 Faxparameters Issue with NLDAP
3.8 Replacing an Attribute With a Zero Length Value
Through ICE Deletes the Attribute
3.9 NetMail Version for Upgrading to eDirectory
8.7.3.x
3.10 Repair Issues
3.11 Missing IP Address Entry in the /etc/hosts File
on Linux
3.12 Manpaths
3.13 Creating LDAP Server and Group Objects in
iManager
3.14 ndsconfig cannot Set IP Address for
n4u.server.interfaces
3.15 Novell Account Management Fails on a Solaris 8
Server Running a Kernel Patch Level of 108528-14
or Higher on Upgrading from eDirectory 8.7 to
8.7.3.x
3.16 Increasing the Speed of Bulkloads
3.17 Extended Characters Not Supported by LDAP Tools
3.18 OpenSLP Does Not Work on 64-bit SLES 9
3.19 Error While Starting ndsd with Locale Other Than
English
3.20 DirXML Issues
3.21 Hard Cache Considerations for Solaris
3.22 ICE Plug-in Won't Authenticate in iManager for
Import on Linux
3.23 Errors When Running edirutil -i on Linux
3.24 File Descriptor Limitation on Solaris
3.25 Cannot View Password Plugin in iManager on
Logging in to eDirectory 8.7.3 SP10
3.26 Nds-uninstall Removes Only 8.7.3.10 eDirectory
Administration Utilities
4.0 Change Log
4.1 ds
4.2 nldap
4.3 ncpengine
4.4 install
4.5 ldap
4.6 iMonitor
4.7 dsrepair
4.8 snmp
4.9 eMBox
4.10 httpstk
4.11 ice
4.12 jclient
5.0 Documentation Issues
5.1 eDirectory 8.7.3 Documentation
5.2 Additional Readme Information
6.0 Legal Notices
1.0 Overview
This patch is an update to the original release of
Novell eDirectory 8.7.3. It contains all the fixes and
updates since eDirectory 8.7.3 shipped.
This update is for the Solaris, Linux, and AIX
platforms only.
2.0 Installation
- 2.1 Prerequisites
- 2.2 Component Versions With this Patch
- 2.3 Installing or Upgrading eDirectory
2.1 Prerequisites
- 2.1.1 Solaris
- 2.1.2 Linux
- 2.1.3 AIX
2.1.1 Solaris
- One of the following:
- Solaris 8 on Sun SPARC (with patch
108827-20 or later)
- Solaris 9 on Sun SPARC
- All latest recommended set of patches
available on the SunSolve Web page
(http://sunsolve.sun.com). If you do
not update your system with the latest
patch before installing eDirectory, you
will get the patchadd error.
2.1.2 Linux
- One of the following:
- OES Linux SP2 32 bit
- SUSE Linux Enterprise Server 9 32
and 64-bit SP3 and SP4 (both 32 and
64-bit)
- SUSE Linux Enterprise Server 10 32
and 64-bit
To determine the version of SUSE
Linux you are running, see the
/etc/SuSE-release file.
- Red Hat Enterprise Linux ES & AS 3.0
32-bit
- Red Hat Enterprise Linux AS 4.0 32
and 64-bit
- Ensure that gettext is installed. To
install gettext, search the rpmfind
(http://rpmfind.net) Website for
gettext.
2.1.3 AIX
- AIX 5L Version 5.2
- All recommended AIX OS patches,
available at the IBM Tech Support
(https://techsupport.services.ibm.com/s
erver/fixes) Website
2.2 Component Versions With this Patch
- 2.2.1 Linux
- 2.2.2 Solaris
- 2.2.3 AIX
2.2.1 Linux
ice 10552.76
ndsd 10554.34
nldap 10555.98
ndssnmp 10552.40
ndstrace 10554.34
ndsconfig 10553.71
ndsimonitor 20212.63
ndsrepair 10551.81
2.2.2 Solaris
ice 10552.76
ndsd 10554.34
nldap 10555.98
ndssnmp 10552.40
ndstrace 10554.34
ndsconfig 10553.71
ndsimonitor 20212.63
ndsrepair 10551.81
2.2.3 AIX
ice 10552.76
ndsd 10554.34
nldap 10555.98
ndssnmp 10552.40
ndstrace 10554.34
ndsconfig 10553.71
ndsimonitor 20212.63
ndsrepair 10551.81
2.3 Installing or Upgrading eDirectory
- 2.3.1 Pre-Installation Notes
- 2.3.2 Installing eDirectory
- 2.3.3 More Information
2.3.1 Pre-Installation Notes
- Install this on a full installation of
eDirectory 8.7.3.x.
- Don't install on DS 8.x.x or eDirectory
8.5.x, 8.6.x, 8.7.0. or 8.7.1.
- This patch has only been tested using
the latest support packs and on
eDirectory 8.7.3.x supported platforms.
This patch is also supported on RedHat
Advanced Server 3.0 (RHAS3.0) and SUSE
Linux Enterprise Server 9 and 10 (SLES9
& 10).
- eDirectory 8.7.3 SP8 onwards, the
security updates are no longer included
with the eDirectory patch. You need to
download the security separately from
the http://download.novell.com.
We highly recommend you to use SSP205
in combination with eDirectory 8.7.3
SP10.
- Minimum patch requirements for Solaris
9:
The patch requires that on Solaris 9 a
set of patches from Sun must be
installed before applying this patch.
These patches are required to support
Sun's 'libumem' memory allocator which
improves performance on Solaris 9.
112874-13 (or newer) libc patch
114370-01 (or newer) libumem.so.1
114371-01 (or newer) libumem; mdb
components patch
114373-01 (or newer) abi_libumem.so.1
patch
112233-11 (or newer) SunOS 5.9: Kernel
patch
- Extracting the patch on Solaris may
fail with checksum errors. This occurs
when using a version of the Solaris
'tar' that has not been updated. Using
the GNU 'tar' will work. Sun has also
fixed this issue in the following
patches:
SPARC Solaris 8: 110951
SPARC Solaris 9: 115336
- Single user mode (runlevel 1) on Red
Hat Linux:
In order to successfully run in single
user mode on Linux (ie: init 1) then
you must remove the symbolic link
/etc/rc.d/rc1.d/S54ndsd. You will only
need to do this one time. If you do not
do this then eDirectory will try to
start during the initialization of the
runlevel.
- Installing this patch on Solaris
without first configuring a tree may
generate errors during installation.
To install on Solaris in this
situation follow this order:
1. Install eDirectory 8.7.3
2. Install NICI as required by the
security patches contained in this
release
3. Install NMAS server and security
updates contained in this release
4. Install this eDirectory patch
5. Configure a tree as per normal
using ndsconfig
2.3.2 Installing eDirectory
This patch release is only for a server
currently running eDirectory 8.7.3.x. It
requires that eDirectory 8.7.3.x already
be installed on the server. If the server
is running an earlier version of
eDirectory you must upgrade that server's
version of eDirectory to 8.7.3.x before
applying this patch. The full 8.7.3.x
product can be found at
http://download.novell.com. This patch can
then be applied.
For more information on installing
eDirectory 8.7.3.x, refer to the "Novell
eDirectory 8.7.3 Installation Guide"
(http://www.novell.com/documentation/lg/ed
ir873/index.html).
Complete the following procedure to
install eDirectory:
1. Download the tarred compressed file to
your UNIX system.
2. Extract the file using the following
command:
gzip -dc edir87310.tgz | tar xvf -
3. Change to the ./edir87310 directory.
4. Ensure eDirectory has been completely
stopped first by using the following
command depending on the platform:
Linux: /etc/init.d/ndsd stop
Solaris: /etc/init.d/ndsd stop
AIX: /etc/ndsd stop
5. Type ./install.sh as the root user to
proceed with the installation.
If you wish to execute the eDirectory
update directly then type ./install.sh
[options] as the root user.
-f --force
Force the installation of the patch at
all costs (continues on failure).
-s --showall
Display the package versions that are
installed for Novell products.
-i --showinstalled
Display the installed package versions
for the packages that are included in
this patch.
-n --noansi
Disable the use of ANSI colours. If
the terminal type is 'xterm' then
colours will be disabled by default.
-y --yesansi
Enable the use of ANSI colours.
-ne --noerrors
Disable the display of expanded error
messages that are shown when an error
is generated.
-u --unattended
Allows the patch to be installed in
unattended mode. Will stop if an
error is encounted unless the --force
switch is also used.
-a --autostart
Attempt to start the product after the
installation process.
-h --help
Displays this command line help.
6. If you have Novell iManager installed
then after the installation you will
need to restart the Tomcat and Apache2
daemons. Use the following commands to
do this:
Linux:
- Tomcat: /etc/init.d/novell-tomcat4
start
- Apache: /etc/init.d/novell-httpd
start
Solaris:
- Tomcat: /var/opt/novell/tomcat4/bin/
startup.sh
- Apache: /var/opt/novell/httpd/bin/ap
achectl startssl
7. eDirectory 8.7.3 SP8 onwards, the
Security updates (NMAS, PKI, NTLS, and
NICI) are not included in the
eDirectory patch. To get the latest
Security Patches, visit
http://download.novell.com
(http://download.novell.com). Select
Security Services | Search from the
Product or Technology drop down menu.
Download and install the platform
specific patch and NMAS methods.
Novell recommends you to use the SSP
205 security patch in combination with
eDirectory 8.7.3 SP10.
2.3.3 More Information
For additional information regarding this
patch refer to the following Technical
Information Documents on the Novell
Support Knowledgebase at
http://support.novell.com/search/kb_index.
jsp:
TID 10094651: The Linux NDS SNMP Subagent
"ndssnmpsa" will not start
TID 10096146: Connection lost to
eDirectory 8.7.3, on Red Hat AS 3.0
Server, while bulk loading objects
TID 10096145: eDirectory 8.7.3 runs out of
memory, on Red Hat AS 3.0 Server, while
running repeated LDAP operations
TID 10097153: NDSD will not start after
installing Solaris 9 patches
TID 10097186: nds-uninstall fails to
remove the NDSserv package on RedHatTID
10097155: Can't run repair and rename tree
operations, via embox, on RedHat
TID 10097143: How to enable the FLAIM
memory pre-allocation feature
TID 10098714: How to configure dsbk for
Linux and Unix
3.0 Known Issues
3.1 Installation and Configuration Issues
- 3.1.1 X.509 and CertMutual Login Methods
- 3.1.2 Installing and Configuring eDirectory on
SUSE Linux Fails When DHCP is Configured
- 3.1.3 Interoperability of eDirectory with SLP
Shipped on Solaris 8.0 (Native SLP, slpd)
- 3.1.4 Upgrading from eDirectory 8.6.2, 8.7, or
8.7.1 to eDirectory 8.7.3.x
- 3.1.5 ndsconfig Creates the nds.conf File and
the DIB Directory Even When Configuration
Fails
- 3.1.6 Unable to Configure the LDAP Server with
Default SSL CertificateDNS Certificate.
- 3.1.7 Specifying eDirectory Information During
the Configuration
- 3.1.8 Core DS Component Installation
- 3.1.9 Installing eDirectory 8.7.3 SP10 on a
SLES 9 Server
- 3.1.10 SLP Issues on OES Linux
- 3.1.11 NICI Issue in RedHat Linux
- 3.1.12 Error Might Prompt while Installing
eDirectory 8.7.3 SP10 on AIX
- 3.1.13 Upgrading from eDirectory 8.7.3.7 to
eDirectory 8.7.3.10a
- 3.1.14 Dsbk Utility Fails in eDirectory 8.7.3
SP10a on Solaris 9.0
3.1.1 X.509 and CertMutual Login Methods
The X.509 and CertMutual login methods
that shipped with eDirectory 8.6.x are not
compatible with eDirectory 8.7.3.x. When
you upgrade from 8.6.x to 8.7.3.x, you
must upgrade the X.509 and CertMutual
login methods as well.
The Certificate-based NMAS methods in NMAS
EE 2.0 are also incompatible with
eDirectory 8.7.3.x.
3.1.2 Installing and Configuring eDirectory on
SUSE Linux Fails When DHCP is Configured
On SUSE Linux, when DHCP is configured,
installing and/or configuring eDirectory
fails with the following error:
"Can't contact LDAP server. Error (-1):
Installation aborting."
To resolve this error, make sure that the
following entry is present in /etc/hosts
before configuring eDirectory:
127.0.0.1 localhost.localdomain localhost
If the entry 127.0.0.2
<<hostname>>.localdomain <<hostname>> is
present in the file, add 127.0.0.1
<<hostname>>.localdomain <<hostname>>
before the entry to look similar to the
following:
127.0.0.1 <<hostname>>.localdomain
<<hostname>>
127.0.0.2 <<hostname>>.localdomain
<<hostname>>
This change might affect other network
applications. You might want to revert
this change once the eDirectory
configuration is completed. Reverting back
will not impact the eDirectory services.
3.1.3 Interoperability of eDirectory with SLP
Shipped on Solaris 8.0 (Native SLP, slpd)
If Native SLP is already present and
configured, the eDirectory installation on
Solaris 8.0 detects the presence of the
Native SLP package and does not install
the NovellSLP package.
You should make sure that the slpd daemon
is running before configuring a new
eDirectory server, as eDirectory requires
SLP in order to query for duplicate tree
names, advertising, etc.
To start the slpd daemon on Solaris 8.0:
1. Create the slp configuration file,
either by copying
/etc/inet/slp.conf.example to
/etc/inet/slp.conf or by any
alternative method.
2. Start the slpd daemon with the
following command:
/etc/init.d/slpd start.
The slpd daemon will not start if the
/etc/inet/slp.conf file does not
exist.
The network administrator can change the
slp configuration by editing the
/etc/inet/slp.conf file and restarting the
slpd daemon.
You can use NovellSLP by installing the
NovellSLP package, configuring the
/etc/slpuasa.conf file as per the network
requirements, and starting the slpuasa
daemon. Make sure that the
/etc/inet/slp.conf file does not exist
(either by removing or making a backup of
this file) and stop the /etc/init.d/slpd
daemon before using the NovellSLP package.
3.1.4 Upgrading from eDirectory 8.6.2, 8.7, or
8.7.1 to eDirectory 8.7.3.x
Upgrading from eDirectory 8.6.2, 8.7, or
8.7.1 to eDirectory 8.7.3 or eDirectory
8.7.3.x rebuilds the LDAP Mapping table
and re-adds the inetOrgPerson --> User
mapping, causing any new objects created
via LDAP to be of the User base class
instead of the inetOrgPerson base class.
This will only be an issue if you deleted
the mapping for inetOrgPerson --> User and
defined a real inetOrgperson Class in your
previous version of eDirectory.
The workaround for this problem is to use
ConsoleOne to remove the mapping from the
Class Mappings page of the LDAP Group
Object.
3.1.5 ndsconfig Creates the nds.conf File and
the DIB Directory Even When Configuration
Fails
If configuration fails, ndsconfig creates
the /etc/nds.conf file and the
/var/nds/dib directory. You might have to
delete these files manually.
3.1.6 Unable to Configure the LDAP Server with
Default SSL CertificateDNS Certificate.
When configuring eDirectory on Linux or
Solaris servers into a replica with many
objects or with synchronization problems,
you might experience an "Unable to
configure LDAP server with default SSL
CertificateDNS certificate. Use
ConsoleOne/iManager to associate SSL
CertificateDNS certificate with LDAP
server." error at the end of the ndsconfig
process.
If the ndsd service is stopped at this
point, you can restart it manually by
entering the following at the console
prompt:
/etc/init.d/ndsd start
At this point, you might also need to
verify that the LDAP Server object for
that server was configured with an SSL
Certificate. In ConsoleOne/iManager, open
the properties pages of the LDAP Server
object for this server, select the SSL/TLS
Configuration tab, then look at the Server
Certificate field on that tab. If it has
been populated with the name of an SSL
Certificate (for example, "SSL
CertificateDNS"), click Close to exit the
properties pages. If this field is blank,
click the browse button for that field and
select a certificate from the list. The
default is "SSL CertificateDNS." Then
click Apply and Close.
Finally, verify that the
/var/novell/nici/0 directory (if user
'root' ran the install) contains a
'nicisdi.key' file. If it doesn't, restart
the server to synchronize the key file.
3.1.7 Specifying eDirectory Information During
the Configuration
When specifying the eDirectory information
during the configuration, if an invalid
Server object container type is specified,
the configuration will not detect the
error until later, and the eDirectory
configuration will fail with a -611 or
-634 error which imply an incorrect base
class.
The valid Server object container types
are:
- Organization (O)
- Organizational Unit (OU)
- Domain (DC)
3.1.8 Core DS Component Installation
On rare occasions, the eDirectory
installation will fail during its core DS
component installation. If so, an error
message like the following will be
displayed:
"The DS component of eDirectory failed to
install correctly. The error received was:
'<some error>'. Please view ndsd.log for
more detailed information. The eDirectory
installation will now be terminated."
If you receive this error, you should try
to reinstall the product, or remove it and
then reinstall it. If the reinstallation
fails because of a partial installation
already being on your system, or for any
other reason, please visit the Novell
Support (http://support.novell.com) Web
site for possible solutions.
3.1.9 Installing eDirectory 8.7.3 SP10 on a SLES
9 Server
-
-
Installing a Non-replica Server into an
Existing Tree
When installing a non-replica server into
an existing tree (after the third server),
you might get install failures. This is
due to the fact that SLES 9 ships with a
developer/unsupported version of OpenSLP
(OpenSLP 1.1.5).
To fix this problem, install the supported
version of OpenSLP (OpenSLP 1.0.11,
available from www.openslp.org) on your
SLES 9 system before installing eDirectory
8.7.3 SP10.
NOVLembox RPM Fails if X Isn't installed
NOVLembox RPM fails if X isn't installed,
due to the fact that the JRE libraries
have a requirement on the X libraries. In
the \embox\build\linux\pkg_embox_lin file,
move the following lines from the %install
section to the %post section so that there
is no dependency checking on these files:
cd \$RPM_BUILD_ROOT/$emb_path
gunzip -c jre141-Linux.tar.gz | tar xf -
rm -f jre141-Linux.tar.gz
You should also delete RPM_BUILD_ROOT and
recursively delete the JRE directory in
the %preun section to clean up the files.
There is also a dependency on
libstdc++libc6.1-1.so.2. Install the
compat package set in order to get this
component. Additionally, if you install
just the XFree86-libs package, you will
get what you need to install NOVLembox.
3.1.10 SLP Issues on OES Linux
OpenSLP implements SLPv2 while Novell SLP
implements SLPv1.
SLPv1 UAs will not receive replies from
SLPv2 SAs and SLPv2 UAs will not receive
replies from SLPv1 SAs. That is, the
clients with OpenSLP will not be able to
see trees with Novell SLP. Similarly, the
clients with Novell SLP will not be able
to see trees with OpenSLP.
If both OpenSLP and Novell SLP are running
in the network, then one of the OpenSLP
(on OES Linux) should be configured as DA.
3.1.11 NICI Issue in RedHat Linux
Some RedHat Linux systems, especially the
RedHat Advanced Servers, ship a prelink
rpm, to help faster loading of
applications. However, prelink modifies
the image of binaries to achieve faster
loading. Once prelink modifies the NICI
libraries, the integrity check fails and
makes the NICI binaries unusable.
To prevent this, you have to explicitly
disable the prelink from processing the
NICI binaries by adding the following in
the /etc/prelink.conf file:
-b /usr/lib/libccs2.so.2.6.4
3.1.12 Error Might Prompt while Installing
eDirectory 8.7.3 SP10 on AIX
You might encounter the following error
while installing eDirectory 8.7.3 SP10 on
AIX:
The "./AIX/NDS.NDSbase.fileset" package
included in this patch has a version of
"." when it is expected to be "8.7.3.10".
To continue the installation past any
errors use the -- force switch.
To continue the installation, check for
the sufficient space in the /tmp
directory.
3.1.13 Upgrading from eDirectory 8.7.3.7 to
eDirectory 8.7.3.10a
eDirectory upgrade fails because
ConsoleOne install script forces the
following rpms to install:
- NDSbase-8.7.3.7-38
- NLDAPbase-8.7.3-34
- NLDAPsdk-8.7.3-34
Work around: Before attempting the
eDirectory upgrade again, remove these
packages manually through the following
steps:
1. Stop eDirectory.
/etc/init.d/ndsd stop
2. Uninstall these rpms:
rpm -e NDSbase-8.7.3.7-38
rpm -e NLDAPbase-8.7.3-34
rpm -e NLDAPsdk-8.7.3-34
3. Run the eDirectory 8.7.3.10a
installer.
./install.sh
4. Start eDirectory.
/etc/init.d/ndsd start
3.1.14 Dsbk Utility Fails in eDirectory 8.7.3
SP10a on Solaris 9.0
Dsbk utility fails with an error.
3.2 iMonitor Issues
- 3.2.1 Browser Compatibility
- 3.2.2 Browsing for Objects in iMonitor
Containing Double-byte Characters
- 3.2.3 Agent Health Check on a Single Server
Tree
- 3.2.4 iMonitor Report Does Not Save the
Records of Each Hour
- 3.2.5 Logging In to iMonitor
- 3.2.6 Creation and Modification Timestamps
3.2.1 Browser Compatibility
The iMonitor included with this release of
eDirectory requires Internet Explorer 5.5
or later or Netscape 7.02 or later or
Firefox 2.x or later.
3.2.2 Browsing for Objects in iMonitor
Containing Double-byte Characters
When using iMonitor to browse an
eDirectory tree for objects, an object
with double-byte characters in the name
might not hyperlink to the object
properties correctly. This issue will be
resolved in a future release of iMonitor.
3.2.3 Agent Health Check on a Single Server Tree
The Agent Health check feature in iMonitor
shows a Warning icon in the Results column
when run on a single server tree because
of the Perishable Data status. This does
not mean that the tree is not healthy or
that the Agent Health check is not working
as designed. Perishable Data indicates the
amount of data that has not yet been
synchronized to at least one replica. A
single server tree, by its nature, means
that the data is always at risk for
catastrophic failure because there is no
other place that the data is replicated.
If you lose the hard disk, you lose the
data.
If you don't want to view health check
warnings about Perishable Data or Readable
Replica Counts on your single server tree,
you can turn off these health checks by
editing the /etc/ndsimonhealth.conf file
to change the following entries:
perishable_data-active: OFF
and
ring_readable-Min_Marginal: 1
or
ring_readable-active: OFF
This will get turn off the warnings for
Readable Replica Count and Perishable
Data.
3.2.4 iMonitor Report Does Not Save the Records
of Each Hour
The custom reports feature in iMonitor is
designed to place the URL specified by the
user into the saved report (the saved HTML
file) when the custom report is created.
That means that when you open a saved
custom report that has been run, you will
see the live (current) data instead of the
data captured by the URL at the time the
custom report is run. This issue will be
resolved in a future release of iMonitor.
3.2.5 Logging In to iMonitor
The username in the iMonitor login page
should be dotted and non-typed DN. For
example, admin.novell. Other formats (such
as dotted and typed, for example,
cn=admin.o=novell; or LDAP format, for
example, cn=admin,o=novell) are not
accepted.
An unsuccessful login in iMonitor returns
to the login page without displaying any
errors.
3.2.6 Creation and Modification Timestamps
As UNIX platforms do not maintain the
creation time of a file, iMonitor shows
both the creation and modification times
to be the same.
3.3 Executing ndsimonitor on Solaris 9 Generates an
Error Message
When you execute ndsimonitor on command line, it
fails with the following error:
ld.so.1: ndsimonitor: fatal: libiconv.so.2: open
failed: No such file or directory
To work around this issue, use ndstrace to unload
and then load the iMonitor library.
- To Unload:
ndstrace -c unload imon
- To Load:
ndstrace -c load imon
You can use ndsimonitor from 8.7.3.9, if
required.
3.4 ConsoleOne Issues
- 3.4.1 ConsoleOne and Open SLP
- 3.4.2 Using ConsoleOne to Manage NetWare 4.x
Servers
- 3.4.3 Creating Server Certificate Objects
- 3.4.4 "Operation Failed" Error
- 3.4.5 Using the Alt Key to Enter International
Characters
- 3.4.6 Novell Client Versions Required for
ConsoleOne 1.3.6
- 3.4.7 Installing ConsoleOne on UNIX With All
Languages Selected
- 3.4.8 Adding an LDAP Server or LDAP Group
Object Fails Due to Version Incompatibility
3.4.1 ConsoleOne and Open SLP
The NOVLc1 package does not get installed
during the installation of ConsoleOne on a
Linux machine with an Open SLP package.
If an Open SLP package is detected on a
Linux machine and you want to install
ConsoleOne on that Linux machine, install
the Novell SLP package first, then run the
ConsoleOne install script.
3.4.2 Using ConsoleOne to Manage NetWare 4.x
Servers
In order to use ConsoleOne to manage a
tree containing NetWare 4.x servers (DS v
6.17), IPX must be installed on the
management client. Even if ConsoleOne is
run from a NetWare box via a mapped drive
on the client, the client machine on which
ConsoleOne is running must be able to
connect natively via IPX.
3.4.3 Creating Server Certificate Objects
Creating Server Certificate objects (also
known as Key Material objects) is not
supported in ConsoleOne on the UNIX
platforms. This function is supported
through iManager or from ConsoleOne on the
Windows platform.
3.4.4 "Operation Failed" Error
The error "Operation Failed." The required
dependencies were not found. Please refer
to Novell documentation for the required
prerequisites." indicates that a required
SPM client library from the Universal
Password feature in NMAS has not been
installed or is not available, or that the
server or workstation has incomplete or
old versions of required eDirectory
libraries.
To get the most recent libraries,
reinstall the Novell Client (Novell Client
for Windows NT/2000/XP version 4.9 or
later or Novell Client for Windows 95/98
version 3.4 or later on a Windows
workstation) or reinstall the latest
eDirectory libraries, available on the
eDirectory 8.7.3 CD.
3.4.5 Using the Alt Key to Enter International
Characters
Using the Alt+number keys to enter
international characters when naming
objects in ConsoleOne causes the
characters to display incorrectly. The
workaround for this is to use an
international keyboard or to copy the
extended characters from Notepad or
another Windows application into the
ConsoleOne text field. Manually upgrading
your JRE to version 1.4.1_02 will also fix
this problem.
3.4.6 Novell Client Versions Required for
ConsoleOne 1.3.6
ConsoleOne errors might be encountered
during authentication and password
modification operations when running on a
Windows workstation with an older version
of the Novell Client. ConsoleOne 1.3.6 on
Windows requires one of the following:
- Novell Client for Windows 95/98 version
3.4 or later
- Novell Client for Windows NT/2000/XP
version 4.9 or later
3.4.7 Installing ConsoleOne on UNIX With All
Languages Selected
When installing ConsoleOne on UNIX with
all non-English languages selected, you
will receive the following message:
"One or more of the languages for the
specified snap-ins are not available to
install or have not been translated for
installation.ConsoleOne will continue to
install. However, when executing
ConsoleOne, some of the snap-ins will
display English where the specific
language was not available."
This issue will be resolved in a future
release of eDirectory.
3.4.8 Adding an LDAP Server or LDAP Group Object
Fails Due to Version Incompatibility
The LDAP ConsoleOne snap-in gives an
obsolete version error. To resolve this,
do the following:
1. Create the LDAP Server object.
2. Create the LDAP Group object.
3. Add the LDAP Server to the LDAP Group
object's Server List.
4. Set the NCP Server to the LDAP Server
object's Host Server field.
5. Set SSL CertificateDNS to the LDAP
Server object's Server Certificate
field in the SSL/TLS Configuration
tab.
6. Wait for 10 seconds.
3.5 SNMP Issues
- 3.5.1 SNMP on Linux
- 3.5.2 Errors While Starting the NDS Subagent
- 3.5.3 Restarting ndssnmpsa
- 3.5.4 Error While Starting ndssnmpsa
- 3.5.5 Issue with 64 Bit Version of Net-Snmp
3.5.1 SNMP on Linux
On SLES9, net-snmp 5.1 master agent has a
known issue. It prints the message "snmpd:
send_trap: Unknown PDU type" and does not
send the traps.
To avoid this error, you need upgrading
net-snmp to 5.1.2 or a later version.
On SLES 10, before starting the subagent,
export the variable SNMP_MAJOR_VERSION
using the following command:
export SNMP_MAJOR_VERSION=10
3.5.2 Errors While Starting the NDS Subagent
On RedHat Advanced Server 3.0 32 bit, the
subagent might fail with the following
message:
Unable to load library: libnetsnmp.so
To resolve this, enter the following
before starting the NDS subagent: export
LD_PRELOAD=/usr/lib/libnetsnmp.so.5:/usr/l
ib/libnetsnmphelpers.so.5:/usr/lib/libnetsn
mpmibs.so.5
Even after the above mentioned
workarounds, you may continue to get the
following error while browsing the NDS MIB
through the MIB browser:
Connection from callback: 1 on fd 4
You will still get the statistics, and you
can ignore the above error messages.
3.5.3 Restarting ndssnmpsa
When the master agent is restarted on
Solaris, and Linux, ndssnmpsa needs to be
restarted.
To restart ndssnmpsa, stop ndssnmpsa and
then start it again.
To stop ndssnmpsa, enter the following:
- Solaris: /etc/init.d/ndssnmpsa stop
- Linux: /etc/init.d/ndssnmpsa stop
- AIX: /etc/ndssnmpsa stop
To start ndssnmpsa, enter the following:
- Solaris: /etc/init.d/ndssnmpsa start
- Linux: /etc/init.d/ndssnmpsa start
- AIX: /etc/ndssnmpsa start
3.5.4 Error While Starting ndssnmpsa
When you start ndssnmpsa on UNIX, you
might get the following errors:
Error: eDirectory SNMP Initialization
component. Error code: -168
Error: eDirectory SNMP Initialization
component. Error code: 9
To resolve this, do the following:
1. Stop the SNMP subagent if it is
running.
2. Unload and load ndssnmp as follows:
/usr/bin/ndssnmp -u
/usr/bin/ndssnmp -l
3. Start the SNMP subagent.
3.5.5 Issue with 64 Bit Version of Net-Snmp
To resolve this, you should install
net-snmp-32bit rpm on SLES 9 and 10 64 bit
platform. This rpm is available on SLES
install CDs.
ndssnmpsa requires 32-bit netsnmp
libraries on 64-bit Linux.
3.6 Increasing the Size of the eDirectory Log Files
You can use Novell iManager to increase the
maximum size of the eDirectory log files (in
iManager, click eDirectory Maintenance Utilities
> Log File > specify which server will perform
the log file operation > authenticate to the
server > Log File Options > enter a new maximum
file size) to a large value (such as several
MBs).
However, the size of the log files can become a
problem and might cause eDirectory to stop
responding.To solve this problem, increase the
heap size allocated to the JVM for iManager by
using an environment variable of the following
form:
TOMCAT_OPTS=-Xmx512m
This increases the JVM heap size from the default
of 64MB to 512MB.
3.7 Faxparameters Issue with NLDAP
NLDAP ignores the faxparameters part of the
facsimile telephone number syntax and only allows
the printable ASCII string, which is the
telephone number. Refer to RFC 2252 for details
of the facsimile telephone number syntax. The
faxparameters correspond to the bit string
component of the NDAP syntax - SYN FAX NUMBER.
3.8 Replacing an Attribute With a Zero Length Value
Through ICE Deletes the Attribute
Consider the following entry specified in an LDIF
file:
#Modify an entry : replace the fullName attribute
with an empty value
dn : cn=user,o=org
changetype : modify
replace : fullName
fullName :
Providing this LDIF entry to ICE will delete the
fullName attribute. Use the ldapmodify tool to
modify such LDIF entries.
3.9 NetMail Version for Upgrading to eDirectory
8.7.3.x
Existing Novell NetMail 3.1 users running
eDirectory 8.6.x on UNIX platforms and upgrading
to eDirectory 8.7.3.x should apply the NetMail
3.10e patch to maintain compatibility with
eDirectory.
3.10 Repair Issues
- 3.10.1 Running ndsrepair on An NFS Mounted DIB
on Linux
- 3.10.2 ndsrepair Fails When the dib Directory
has a Large Number of Stream File Attributes
- 3.10.3 Basic Repair Task in iManager
3.10.1 Running ndsrepair on An NFS Mounted DIB on
Linux
You might get -732 or -6009 errors while
trying to run ndsrepair on an NFS-mounted
DIB on Linux systems.
3.10.2 ndsrepair Fails When the dib Directory has
a Large Number of Stream File Attributes
On SLES 9, If the dib contains more than
1,00,000 stream files ndsrepair -R fails.
To work around this issue, run ndsrepair
as follows:
ndsrepair -R -v no -Ad -av
3.10.3 Basic Repair Task in iManager
In iManager 2.5, the eDirectory
Maintenance > Basic Repair task has been
renamed to eDirectory Maintenance > Repair
eDirectory. The functionality remains the
same, however.
3.11 Missing IP Address Entry in the /etc/hosts File
on Linux
On Linux, if the /etc/hosts file contains only
the local host entry, the IP address entry should
be added.
In the /etc/hosts file, the local host entry
would be displayed as follows:
127.0.0.1 <hostname> localhost.localdomain
localhost
Add the IP address entry to the /etc/hosts file
as follows:
<IP Address> <hostname>
3.12 Manpaths
- 3.12.1 Updating Manpath for SUSE
- 3.12.2 Updating Manpath UnitedLinux
3.12.1 Updating Manpath for SUSE
On SUSE, the manpath /usr/man is not
included in the list of paths specified in
the /etc/manpath.config file. To read
eDirectory man pages, add /etc/manpath to
the list.
Update the MANPATH variable by entering
export
MANPATH=/usr/ldaptools/man:/usr/man:$MANPA
TH.
3.12.2 Updating Manpath UnitedLinux
On UnitedLinux, the manpath /usr/man is
not included in the list of paths
specified in the /etc/manpath.config file.
To read eDirectory man pages, add this
path to the list.
To update the MANPATH variable, type
"export MANPATH=$MANPATH:/usr/man" and
press Enter.
3.13 Creating LDAP Server and Group Objects in
iManager
If you use Novell iManager to create LDAP Server
and Group objects, click LDAP > LDAP Overview,
select the new LDAP Server object, and then click
General > Information > Refresh after the LDAP
objects have been created.
3.14 ndsconfig cannot Set IP Address for
n4u.server.interfaces
You can set the IP address to
n4u.server.interfaces by editing the nds.conf
file.
3.15 Novell Account Management Fails on a Solaris 8
Server Running a Kernel Patch Level of 108528-14
or Higher on Upgrading from eDirectory 8.7 to
8.7.3.x
After an eDirectory 8.7 server on Solaris 8
running Novell Account Management is upgraded to
eDirectory 8.7.3.x, the Novell Account Management
authentication will fail. This will happen only
when the Solaris 8 server is running a kernel
patch level of 108528-14 or higher.
This issue will be fixed in a future release of
eDirectory.
3.16 Increasing the Speed of Bulkloads
To increase the speed of bulkloads when creating
new eDirectory trees, disable Universal Password
until the load is complete.
For more information, see the Universal Password
Deployment Guide
(http://www.novell.com/documentation/lg/nw65/univ
ersal_password/data/front.html).
3.17 Extended Characters Not Supported by LDAP Tools
Extended characters are currently not supported
by LDAP tools. You can use ICE to perform
operations like add, modify, and delete using
appropriate LDIF files.
3.18 OpenSLP Does Not Work on 64-bit SLES 9
OpenSLP does not work on 64 bit SLES 9 as 64 bit
SLES 9 ships the 64 bit version of SLP. However,
eDirectory supports the 32 bit version of SLP.
For eDirectory on SLES to work on OpenSLP, use
the 32 bit versions of /usr/lib/libslp.so.1.0.0
and /usr/bin/slpd.
3.19 Error While Starting ndsd with Locale Other Than
English
Starting the ndsd service with a locale other
than English displays the error "Could not load
Unicode tables."
To bring up an eDirectory server in non-English
locales, export /usr/local/lib as follows:
export SHLIB_PATH=/usr/local/lib:$SHLIB_PATH
3.20 DirXML Issues
- 3.20.1 DirXML Fails to Start After Upgrading
to eDirectory 8.7.3.x
- 3.20.2 Unable to Start ndsd After Installing
DirXML 2.0 on Solaris
3.20.1 DirXML Fails to Start After Upgrading to
eDirectory 8.7.3.x
Upgrading to eDirectory 8.7.3.x with an
existing DirXML installation will cause
DirXML to fail on Solaris and Linux. To
fix this problem, install the NDSdxevnt
library on Solaris or the
NDSdxevnt-1.1.1-1.i386.rpm package on
Linux. These files can be found in the
./setup directory on the DirXML 1.1a
installation CD.
For more information, see Solution
10091030
(http://support.novell.com/cgi-bin/search/
searchtid.cgi?/10091030.htm), "DirXML 1.1a
Fails to Start After Upgrade to eDirectory
8.7.3," in the Novell Knowledgebase.
3.20.2 Unable to Start ndsd After Installing
DirXML 2.0 on Solaris
When you create a DirXML driver set, or
shortly after DirXML loads, the ndsd
process shuts down unexpectedly without a
core dump. The /var/nds/ndsd.log file will
contain the following message:
"Exception java.lang.OutOfMemoryError:
requested -569704448 bytes for char in
/export1/jdk/jdk1.4.2/hotspot/src/os/solar
is/vm/os_solaris.cpp. Out of swap space?"
(The exact number might vary.)
To fix this problem, complete the
following steps:
1. Open /etc/init.d/ndsd.
2. Set GS_FAST_MODE to 0 instead of 1.
This issues has been fixed with eDirectory
8.7.3 IR3.
3.21 Hard Cache Considerations for Solaris
On Solaris systems with more than 2 GB RAM,
setting the hard cache above 1 GB might lead to
core dumps. This is because of memory allocation
incompatibilities with the memory manager library
on Solaris, in some scenarios.
To limit the cache to 1 GB, edit the _ndsdb.ini
(under the dib directory) as follows:
cache=1024000000
You can also modify the cache settings through
iMonitor using the Database Cache page under
Agent Configuration. Select the Hard limit option
and set the Maximum Cache Size in KB.
Refer to the Novell eDirectory Performance Tuning
Guide
(http://www.novell.com/products/edirectory/whitep
apers.html) for more information on the
eDirectory cache and the default cache settings.
3.22 ICE Plug-in Won't Authenticate in iManager for
Import on Linux
When you use the Novell Import Convert Export
iManager plug-in to import hundreds of users with
an LDIF file, you might receive the following
error toward the end of the Wizard when you click
Start:
"ldap_simple_bind failed: 49(Invalid
credentials), dn: cn=admin,o=novell"
This is a known issue in the iManager plug-in.
You can import the same file using the ConsoleOne
snap-in, or the following command at the system
prompt:
ice -S LDIF -f <ldif file> -D LDAP -s <ldap
server IP/DNS name> -p 389 -d <admin dn> -w
<admin passwd>
3.23 Errors When Running edirutil -i on Linux
On SUSE LINUX Enterprise Server 9 and Red Hat
Advanced Server 3.0, the path to Java might be
incorrect in the edirutil program, so when you
enter the edirutil -i command, you will get
errors.
First, check to see if Java is installed, using
the java -version command. If it is installed,
you should get a reply listing the version. If it
is not installed, see if you can find Java using
the following command:
which java
Try entering the full path to run it as
/usr/lib/java/jre/bin/java -version. If that
doesn't work, download and install Java.
After Java is working, find out where the
eDirectory eMBox tools are located (probably in
/usr/lib/nds-modules/embox/eMBoxClient.jar). If
they are not in
/usr/lib/nds-modules/embox/eMBoxClient.jar,
search for the tools using the following command:
find / -name eMBoxClient.jar
Run java and execute the eMBox command line
client. You can leave out the full path
specification if the required directory is your
current working directory or if the path has been
set to the java directory. The full path request
looks similar to the following:
/usr/lib/java/jre/bin/java -cp
/usr/lib/nds-modules/eMBoxClient.jar embox -i
3.24 File Descriptor Limitation on Solaris
On Solaris, the ndsd process has a limitation of
having a maximum of 256 file descriptors open.
To work around this constraint, set the value of
the NDSD_USE_STDIO environment variable to 1.
3.25 Cannot View Password Plugin in iManager on
Logging in to eDirectory 8.7.3 SP10
When you login to iManager 2.7 after configuring
eDirectory 8.7.3 SP10 tree, you may not be able
to view Password Roles and Tasks.
The Security Services 2.0.5 patch copies newer
schema files to the server, however they are not
extended by default. Some newer functionality
(such as Passwords iManager plug-in) will not
work until schema has been extended manually.
Please see Manually Extending the Schema
(http://www.novell.com/documentation/edir88/index
.html?page=/documentation/edir88/edir88/data/amiji
j0.html) for instructions on extending schema.
Schema needs to be extended once per tree. (The
schema files which need to be extended are:
nmas.sch, nspm.sch, notf.sch, and nsimpm.sch)
3.26 Nds-uninstall Removes Only 8.7.3.10 eDirectory
Administration Utilities
When you uninstall eDirectory using nds-uninstall
script, it removes only the administration
utilities. Server utilities are not removed. It
also pops up a message that it is removing
8.7.3.9 administration utilities.
To work around this issue: Run nds-uninstall
again to remove the server utilities.
4.0 Change Log
This section lists the defects that were fixed with
this patch and additionally, the modifications made.
- 4.1 ds
- 4.2 nldap
- 4.3 ncpengine
- 4.4 install
- 4.5 ldap
- 4.6 iMonitor
- 4.7 dsrepair
- 4.8 snmp
- 4.9 eMBox
- 4.10 httpstk
- 4.11 ice
- 4.12 jclient
4.1 ds
Resolved: Crash that could occur issue when an
invalid number of RDNs in tuned name was
specified (368835).
Resolved: Prevent network addresses being added
to objects that don't have it as a schema
attribute (379917).
Resolved: Issue where Advanced Referral Costing
prevented Apache from starting (378880).
Resolved: Disable Advanced Referral Costing by
default.
Resolved: Issue on startup ndsd cores due to
memory corruption and a double release of
resources. (83020).
Resolved: Issue of duplicate password check
ignored with "Require Unique Passwords" checked
(97104).
Resolved: Objects continually synch after
partition merge due to ds not putting latest
timestamp in inactive child TV replica number
(155652).
Resolved: ndsd shuts down if an error is returned
during ndsconfig add -m <module> (156428).
Resolved: Man page created for ndsautotrace
utility (158565).
Resolved: Dumping core in windows while upgrading
from 873 SP8 to 8.8 SP1 during broadcast to
stations (164396).
Resolved: Nessus scan of Linux server causes ndsd
high utilization (192595).
Resolved: Heap overflow security vulnerability -
(197627&195511\197631&195508).
Resolved: Invalid free security vulnerability -
(197629/195523).
Resolved: DoS security vulnerability -
(197711\195510).
Resolved: Ndsd cores on object name resolve -
(203180).
4.2 nldap
Resolved: Added messages in ldap search trace
when LDAP skips a "duplicate" attribute (IE.,
App:Path vs. appPath) (94515).
Resolved: SSLv2 disabled in LDAP (156683 &
182127).
Resolved: Search now ignores any search
predicates which could cause a syntax violation
(RFC2251) (155554).
Resolved: LDAP Server failing if certificate is
unassociated unless der file is exported as
trusted root (162974).
Resolved: LDAP returning null (EID) on DN syntax
instead of converting it to DN (Example: value
returned when adding user to a group)
(169806/155097).
Resolved: LDAP returning non-present values
(170841)).
Resolved: Log elapsed time for all LDAP
operations (177174).
4.3 ncpengine
Resolved: Issue where connections would be
erroneously destroyed resulting in -625 errors
when communicating to the server (378165)
Resolved: ndsd cores when ncpengine destroys a
NCP connection session. (191182).
4.4 install
Fixed ZFS SPKs to allow Zen install of the
support pack (NetWare and Windows) (375988).
Changed the name of APPENDLOG.NLM to WRITELOG.NLM
to account for long file name restrictions during
remote installs (NetWare) (376911).
Resolved: Edir8738ftf_1 install removes ldapsdk &
ldapx from ndsmodules.conf (200329). Now
ndsmodules.conf file si backed up and restored.
4.5 ldap
Resolved crash that would occur with invalid
extensibleMatch filter (373853).
4.6 iMonitor
Resolved: Issue where database entry cache
percentages were being incorrectly displayed
(378905).
4.7 dsrepair
Resolved: Issue where illegal attributes that
violated class rules on entries were not being
purged (379917).
Resolved: Dsrepair speed enhancements, especially
on non-Netware platforms (83042).
Resolved: Destroy selected replica now updates
the ndsStatusRepair attribute of the pseudoserver
(168102).
Resolved: Incorrect port was added to ncpserver
and referal list after repair network address
(186311).
Resolved: Fixed the -at switch (207153\207151).
Resolved: Messages now show the progress of
object repairs (122521).
4.8 snmp
Resolved: Subagent stops after a random amount of
time (142769).
Resolved: Restarting the SNMP subagent fails with
-255 when other locales are used (151067)
Resolved: Subagent crashes with a segmentation
fault (205042).
Resolved: Trap and statistics messages would no
longer be displayed if the defs file was not in
default location (208663).
4.9 eMBox
Resolved: Issue where services could be
controlled without being authenticated (357369).
Resolved: Issue where user password is displayed
in clear text using embox through iManager
(93995).
4.10 httpstk
Resolved: Issue of remote code execution
vulnerability in httpstk (205313).
4.11 ice
Resolved: Issue that ICE would not work in French
locale (156011).
4.12 jclient
Resolved: Issue where incorrect privileges were
assigned when there was no password suppiled
(83008).
5.0 Documentation Issues
- 5.1 eDirectory 8.7.3 Documentation
- 5.2 Additional Readme Information
5.1 eDirectory 8.7.3 Documentation
The latest eDirectory 8.7.3 documentation is
present at the Novell eDirectory 8.7.3
Documentation site
(http://www.novell.com/documentation/edir873/inde
x.html).
The latest version of this readme is available at
the Novell eDirectory 8.7.3 Documentation Site
(http://www.novell.com/documentation/edir873/inde
x.html).
5.2 Additional Readme Information
- 5.2.1 Novell eDirectory 8.7.x Readme Addendum
- 5.2.2 NMAS Issues
- 5.2.3 Certificate Server Issues
- 5.2.4 NICI Issues
5.2.1 Novell eDirectory 8.7.x Readme Addendum
For information on additional eDirectory
issues for this release, refer to Solution
#10073723, titled "Novell eDirectory 8.7.x
Readme Addendum," in the Novell Knowledge
Base (http://support.novell.com).
5.2.2 NMAS Issues
For NMAS information, refer to the
Security Services Readme
(http://www.novell.com/documentation/nmas3
2/index.html) located with the NMAS 3.2
online documentation
(http://www.novell.com/documentation/nmas3
2/index.html).
5.2.3 Certificate Server Issues
For Certificate Server information, refer
to the Security Services Readme
(http://www.novell.com/documentation/nmas3
2/readme/security_readme205.html) located
with the Novell Certificate Server 2.7
online documentation
(http://www.novell.com/documentation/crt33
/index.html).
5.2.4 NICI Issues
For NICI information, refer to the
Security Services Readme
(http://www.novell.com/documentation/nmas3
2/readme/security_readme205.html) located
with the NICI 2.7.x online documentation
(http://www.novell.com/documentation/nici2
7x).
6.0 Legal Notices
Novell, Inc. makes no representations or warranties
with respect to the contents or use of this
documentation, and specifically disclaims any express
or implied warranties of merchantability or fitness
for any particular purpose. Further, Novell, Inc.
reserves the right to revise this publication and to
make changes to its content, at any time, without
obligation to notify any person or entity of such
revisions or changes.
Further, Novell, Inc. makes no representations or
warranties with respect to any software, and
specifically disclaims any express or implied
warranties of merchantability or fitness for any
particular purpose. Further, Novell, Inc. reserves the
right to make changes to any and all parts of Novell
software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under
this Agreement may be subject to U.S. export controls
and the trade laws of other countries. You agree to
comply with all export control regulations and to
obtain any required licenses or classification to
export, re-export, or import deliverables. You agree
not to export or re-export to entities on the current
U.S. export exclusion lists or to any embargoed or
terrorist countries as specified in the U.S. export
laws. You agree to not use deliverables for prohibited
nuclear, missile, or chemical biological weaponry end
uses. Please refer to
http://www.novell.com/info/exports/
(http://www.novell.com/info/exports/) for more
information on exporting Novell software. Novell
assumes no responsibility for your failure to obtain
any necessary export approvals.
Copyright 2003-2008 Novell, Inc. All rights reserved.
No part of this publication may be reproduced,
photocopied, stored on a retrieval system, or
transmitted without the express written consent of the
publisher.
Novell, Inc. has intellectual property rights relating
to technology embodied in the product that is
described in this document. In particular, and without
limitation, these intellectual property rights may
include one or more of the U.S. patents listed at
http://www.novell.com/company/legal/patents
(http://www.novell.com/company/legal/patents) and one
or more additional patents or pending patent
applications in the U.S. and in other countries.
For a list of Novell trademarks, see the Novell
Trademark and Service Mark list
(http://www.novell.com/company/legal/trademarks/tmlist
.html) at
http://www.novell.com/company/legal/trademarks/tmlist.
html.
All third-party products are the property of their
respective owners.
This product includes software developed by the
OpenSSL Project for use in the OpenSSL Toolkit
(http://www.openssl.org).